Generating and Importing the Certificate

How-Tos for VMware Solutions

Audience
Public
Source Type
Documentation

VMware will not support Self Signed Certificates in ESXi 6.7 and higher, for use with registering Storage Providers. Use of Multi-vCenter Support will require the use of a Signed Certificate being imported to VASA on the FlashArray. So long as the CA's Root Cert is added to the vCenter's list of Trusted Root certs, then the VASA Provider can be registered to that vCenter.

There are two main ways to get a Signed Certificate for VASA on the FlashArray. The first is to use a CA (Certificate Authority) to sign a CSR generated from the FlashArray for VASA-CT0 and VASA-CT1. The second method is to leverage OpenSSL to manually create a signed cert and private key pair. Getting a CA to sign the CSR is the strongly recommended method. OpenSSL method should really only be used in test environments.